Health care providers have been the primary targets of cyberattacks, with several data breaches and ransomware attacks making headlines in the last few years. Health care organizations have suffered the highest number of cyberattacks than any other sector in the U.S.
According to a survey from privacy website PrivacyAffairs.com, health care data breaches increased by 2,733% between 2009 and 2019 in the U.S., at an average of 1.4 breaches exposing at least 500 records per day. The survey “U.S. Healthcare Data Breach Statistics” revealed over 3,054 data breaches of health care records over the past decade.
Large Amount of Compromised Data
The survey highlighted that 70% of the U.S. population is affected by health care data breaches, with over 230,954,151 health records lost, stolen, or exposed in various security incidents. It is found that 2018 and 2019 witnessed a sharp increase in the number of individuals affected by health care data breaches, with a six-fold increase between 2017 and 2019.
Biggest Health Care Breachescription
The ten biggest health care data breaches of the past decade according to the study include:
| Organization Individuals Affected Year | ||
| Anthem Inc. | 78,800,000.00 | 2015 |
| Premera Blue Cross | 11,000,000.00 | 2015 |
| Laboratory Corporation of America Holdings dba LabCorp | 10,251,784.00 | 2019 |
| Excellus Health Plan, Inc. | 10,000,000.00 | 2015 |
| Community Health Systems Professional Services Corporations | 6,121,158.00 | 2014 |
| Science Applications International Corporation (SAIC) | 4,900,000.00 | 2011 |
| Excellus Health Plan, Inc. | 10,000,000.00 | 2015 |
| University of California, Los Angeles Health | 4,500,000.00 | 2015 |
| Community Health Systems Professional Services Corporation | 4,500,000.00 | 2014 |
| Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group | 4,029,530.00 | 2013 |
| Medical Informatics Engineering | 3,900,000.00 | 2015 |
escription
Vulnerable Systems
Majority of the hospitals are vulnerable to cyberattacks as many of them are using outdated computers and connected medical devices. Most of the hospital security teams neglect known vulnerabilities leaving them unpatched.
“A huge number of modern medical devices rely on networking in order to relay information and work together. Like using a smartphone to control your thermostat, hospitals increasingly rely on IoT for improved patient care. Due to the vast number of connected devices in hospitals, the logistical challenge for IT teams is often too great for proper cybersecurity maintenance. Add to this that medical devices are not usually built with security baked in, and it’s easy to see why medical devices are often used as an entry point for an attacker to gain access to a healthcare provider’s network,” the survey report stated.
